package com.microsoft.mmx.agents.ypp.authclient.auth;

import Microsoft.Windows.MobilityExperience.Health.Agents.BaseActivity;
import android.annotation.SuppressLint;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.WorkerThread;
import com.microsoft.connecteddevices.AsyncOperation;
import com.microsoft.mmx.agents.logging.ILogger;
import com.microsoft.mmx.agents.logging.LogDestination;
import com.microsoft.mmx.agents.logging.TraceContext;
import com.microsoft.mmx.agents.util.TelemetryUtils;
import com.microsoft.mmx.agents.ypp.authclient.auth.AuthManager;
import com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager;
import com.microsoft.mmx.agents.ypp.authclient.auth.IAuthStorage;
import com.microsoft.mmx.agents.ypp.authclient.crypto.CryptoManager;
import com.microsoft.mmx.agents.ypp.authclient.crypto.IdentityExpiredException;
import com.microsoft.mmx.agents.ypp.authclient.crypto.KeyRotationOperation;
import com.microsoft.mmx.agents.ypp.authclient.service.AuthCustomEventDetails;
import com.microsoft.mmx.agents.ypp.authclient.service.IAuthServiceClient;
import com.microsoft.mmx.agents.ypp.authclient.service.InvalidIdentityException;
import com.microsoft.mmx.agents.ypp.authclient.telemetry.AuthManagerTelemetry;
import com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager;
import com.microsoft.mmx.agents.ypp.authclient.trust.TrustManagerFactory;
import com.microsoft.mmx.agents.ypp.authclient.utils.AuthTelemetryUtils;
import com.microsoft.mmx.agents.ypp.configuration.PlatformConfiguration;
import com.microsoft.mmx.logging.ContentProperties;
import dagger.Lazy;
import io.reactivex.functions.Action;
import io.reactivex.functions.Consumer;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArraySet;
import java.util.concurrent.Executor;
import java.util.concurrent.Executors;
import javax.inject.Inject;
import javax.inject.Singleton;

@Singleton
/* loaded from: classes2.dex */
public class AuthManager implements IAuthManager {
    public static final String DEFAULT_SCOPE = "general";
    private final Lazy<IAuthServiceClient> authServiceClient;
    private final IAuthStorage authStorage;
    private final CryptoManager cryptoManager;
    private final KeyRotationOperation keyRotationOperation;
    private final Log logger;
    private final PlatformConfiguration platformConfiguration;
    private final AuthManagerTelemetry telemetry;

    @Nullable
    private ITrustManager trustManager;
    private final TrustManagerFactory trustManagerFactory;
    private final Executor authExecutor = Executors.newSingleThreadExecutor();
    private final Set<IAuthManager.DeviceIdChangedListener> listeners = new CopyOnWriteArraySet();
    private final Set<AsyncOperation> pendingOperations = Collections.synchronizedSet(new HashSet());

    /* loaded from: classes2.dex */
    public final class Log {
        private static final String ANOMALY = "AuthManagerAnomalyEvent";
        private final ILogger logger;
        private final String tag = AuthManager.class.getSimpleName();

        public Log(@NonNull ILogger iLogger) {
            this.logger = iLogger;
        }

        public void a() {
            this.logger.logDebug(this.tag, ContentProperties.NO_PII, "Clearing auth state", new Object[0]);
        }

        public void b() {
            this.logger.logDebug(this.tag, ContentProperties.NO_PII, "Establishing new identity", new Object[0]);
        }

        public void c() {
            this.logger.logDebug(this.tag, ContentProperties.NO_PII, "Existing identity returned", new Object[0]);
        }

        public void d(String str, Throwable th, TraceContext traceContext) {
            this.logger.logEvent(ANOMALY, "FailedRemovingKeyPair", th.getMessage(), new AuthCustomEventDetails.Builder().forAnomaly().setResultDetails(th).addData("deviceId", str).build().getData(), traceContext, LogDestination.Remote);
        }

        public void e(String str) {
            this.logger.logDebug(this.tag, ContentProperties.NO_PII, "Completed key rotation successfully for deviceId: %s", str);
        }

        public void f() {
            this.logger.logDebug(this.tag, ContentProperties.NO_PII, "DeviceId listener added", new Object[0]);
        }

        public void g() {
            this.logger.logDebug(this.tag, ContentProperties.NO_PII, "DeviceId listener removed", new Object[0]);
        }

        public void h(@NonNull Exception exc, @NonNull TraceContext traceContext) {
            this.logger.logEvent(ANOMALY, "InvalidDeviceIdAnomalyEvent", AuthCustomEventDetails.getSerializedDefaultAnomalyData(exc), traceContext, LogDestination.Remote);
        }

        public void i(Exception exc, TraceContext traceContext) {
            this.logger.logException(this.tag, ContentProperties.NO_PII, "Exception while attempting to establish a new identity.", exc, traceContext, LogDestination.Local);
        }

        public void j(Exception exc, TraceContext traceContext) {
            this.logger.logException(this.tag, ContentProperties.NO_PII, "Exception while attempting to refresh access token.", exc, traceContext, LogDestination.Local);
        }

        public void k(String str, Exception exc, TraceContext traceContext) {
            this.logger.logException(this.tag, ContentProperties.NO_PII, "Key rotation failed", exc, Collections.singletonMap("deviceId", str), traceContext, LogDestination.Local);
        }

        public void l(Throwable th, TraceContext traceContext) {
            this.logger.logEvent(ANOMALY, "InvalidIdentity", th.getMessage(), new AuthCustomEventDetails.Builder().forAnomaly().setResultDetails(th).build().getData(), traceContext, LogDestination.Remote);
        }

        public void m() {
            this.logger.logDebug(this.tag, ContentProperties.NO_PII, "Notifying %d listeners of removed device id", Integer.valueOf(AuthManager.this.listeners.size()));
        }

        public void n() {
            this.logger.logDebug(this.tag, ContentProperties.NO_PII, "Notifying %d listeners of new device id", Integer.valueOf(AuthManager.this.listeners.size()));
        }

        public void o(boolean z, @NonNull String str) {
            this.logger.logDebug(this.tag, ContentProperties.NO_PII, "Refreshing access token with forceRefresh=%s and scope=%s", Boolean.valueOf(z), str);
        }

        public void p(String str) {
            this.logger.logDebug(this.tag, ContentProperties.NO_PII, "Removed key pair for deviceId: %s", str);
        }

        public void q() {
            this.logger.logDebug(this.tag, ContentProperties.NO_PII, "Replacing expired identity", new Object[0]);
        }

        public void r(String str) {
            this.logger.logDebug(this.tag, ContentProperties.NO_PII, "Starting key rotation for deviceId: %s", str);
        }
    }

    @Inject
    public AuthManager(@NonNull Lazy<IAuthServiceClient> lazy, @NonNull IAuthStorage iAuthStorage, @NonNull ILogger iLogger, @NonNull TrustManagerFactory trustManagerFactory, @NonNull AuthManagerTelemetry authManagerTelemetry, @NonNull CryptoManager cryptoManager, @NonNull KeyRotationOperation keyRotationOperation, @NonNull PlatformConfiguration platformConfiguration) {
        this.authServiceClient = lazy;
        this.authStorage = iAuthStorage;
        this.logger = new Log(iLogger);
        this.trustManagerFactory = trustManagerFactory;
        this.telemetry = authManagerTelemetry;
        this.cryptoManager = cryptoManager;
        this.keyRotationOperation = keyRotationOperation;
        this.platformConfiguration = platformConfiguration;
    }

    @WorkerThread
    private synchronized AuthState createNewIdentity(@NonNull TraceContext traceContext) {
        AuthState createNewAuthState;
        TraceContext createChild = traceContext.createChild();
        BaseActivity startEstablishIdentityActivity = this.telemetry.startEstablishIdentityActivity(createChild);
        try {
            AccessToken blockingGet = this.authServiceClient.get().createIdentity(createChild).blockingGet();
            AuthState authState = this.authStorage.getAuthState();
            createNewAuthState = this.authStorage.createNewAuthState(blockingGet.getDeviceId(), blockingGet);
            if (authState != null) {
                notifyListenersOfRemovedDeviceId(authState.getDeviceId(), createChild);
            }
            notifyListenersOfNewDeviceId(createNewAuthState.getDeviceId(), createChild);
            this.telemetry.logActivityEnd(startEstablishIdentityActivity);
        } catch (Exception e2) {
            this.logger.i(e2, createChild);
            this.telemetry.logActivityEndExceptional("createNewIdentity", e2, startEstablishIdentityActivity, traceContext);
            handleServiceErrors(e2, traceContext);
            throw new AuthManagerException(e2);
        }
        return createNewAuthState;
    }

    /* JADX INFO: Access modifiers changed from: private */
    @NonNull
    @WorkerThread
    /* renamed from: getAuthState, reason: merged with bridge method [inline-methods] */
    public synchronized AuthState h(@NonNull TraceContext traceContext) {
        AuthState authState = this.authStorage.getAuthState();
        if (authState == null) {
            this.logger.b();
            return createNewIdentity(traceContext);
        }
        if (!isDeviceIdExpired(authState)) {
            this.logger.c();
            return authState;
        }
        this.logger.q();
        return createNewIdentity(traceContext);
    }

    private void handleServiceErrors(@NonNull Exception exc, @NonNull TraceContext traceContext) {
        if ((exc instanceof IdentityExpiredException) || (exc instanceof InvalidIdentityException)) {
            this.logger.l(exc, traceContext);
            clear();
        }
    }

    private boolean isAccessTokenExpired(@NonNull AccessToken accessToken) {
        return accessToken.a().minus(this.platformConfiguration.getTokenExpirationLeewayTime()).isBeforeNow();
    }

    private boolean isDeviceIdExpired(@NonNull AuthState authState) {
        return authState.b().plus(this.platformConfiguration.getIdentityExpirationTime()).isBeforeNow();
    }

    private void notifyListenersOfNewDeviceId(@NonNull final String str, @NonNull final TraceContext traceContext) {
        this.logger.n();
        if (this.trustManager != null) {
            AsyncOperation.runAsync(new Runnable() { // from class: e.b.c.a.i3.a.a.a
                @Override // java.lang.Runnable
                public final void run() {
                    AuthManager.this.i(str, traceContext);
                }
            });
        }
        for (final IAuthManager.DeviceIdChangedListener deviceIdChangedListener : this.listeners) {
            AsyncOperation.runAsync(new Runnable() { // from class: e.b.c.a.i3.a.a.f
                @Override // java.lang.Runnable
                public final void run() {
                    IAuthManager.DeviceIdChangedListener.this.onDeviceIdProvisioned(str);
                }
            });
        }
    }

    @SuppressLint({"CheckResult"})
    private void notifyListenersOfRemovedDeviceId(@NonNull final String str, @NonNull TraceContext traceContext) {
        this.logger.m();
        ITrustManager iTrustManager = this.trustManager;
        if (iTrustManager != null) {
            iTrustManager.deviceIdDeprovisioned(str, traceContext);
        }
        for (final IAuthManager.DeviceIdChangedListener deviceIdChangedListener : this.listeners) {
            AsyncOperation.runAsync(new Runnable() { // from class: e.b.c.a.i3.a.a.i
                @Override // java.lang.Runnable
                public final void run() {
                    IAuthManager.DeviceIdChangedListener.this.onDeviceIdDeprovisioned(str);
                }
            });
        }
    }

    private <T> AsyncOperation<T> processPendingOperation(@NonNull final AsyncOperation<T> asyncOperation) {
        this.pendingOperations.add(asyncOperation);
        return asyncOperation.whenComplete(new AsyncOperation.ResultBiConsumer() { // from class: e.b.c.a.i3.a.a.c
            @Override // com.microsoft.connecteddevices.AsyncOperation.ResultBiConsumer
            public final void accept(Object obj, Object obj2) {
                AuthManager.this.j(asyncOperation, obj, (Throwable) obj2);
            }
        });
    }

    @WorkerThread
    private synchronized AccessToken refreshAccessToken(@NonNull AuthState authState, @NonNull AuthManagerTelemetry.RefreshType refreshType, @NonNull String str, @NonNull TraceContext traceContext) {
        AccessToken blockingGet;
        TraceContext createChild = traceContext.createChild();
        BaseActivity startRefreshTokenActivity = this.telemetry.startRefreshTokenActivity(refreshType, createChild);
        try {
            blockingGet = this.authServiceClient.get().signIn(authState.getDeviceId(), str, createChild).blockingGet();
            this.authStorage.updateToken(authState.getDeviceId(), blockingGet);
            this.telemetry.logActivityEnd(startRefreshTokenActivity);
        } catch (Exception e2) {
            this.logger.j(e2, createChild);
            this.telemetry.logActivityEndExceptional("refreshAccessToken", e2, startRefreshTokenActivity, traceContext);
            handleServiceErrors(e2, traceContext);
            throw new AuthManagerException(e2);
        }
        return blockingGet;
    }

    private synchronized void rotateKeysIfNecessary(@NonNull String str, @NonNull TraceContext traceContext) {
        if (this.cryptoManager.isKeyRotationNecessary(str, traceContext)) {
            this.logger.r(str);
            TraceContext createChild = traceContext.createChild();
            BaseActivity startKeyRotationActivity = this.telemetry.startKeyRotationActivity(createChild);
            Throwable blockingGet = this.keyRotationOperation.performKeyRotation(str, createChild).blockingGet();
            if (blockingGet == null) {
                this.logger.e(str);
                this.telemetry.logActivityEnd(startKeyRotationActivity);
            } else if (blockingGet instanceof Exception) {
                this.logger.k(str, (Exception) blockingGet, createChild);
                this.telemetry.logActivityEndExceptional("rotateKeysIfNecessary", (Exception) blockingGet, startKeyRotationActivity, traceContext);
            }
        }
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    public void addDeviceIdChangedListener(@NonNull IAuthManager.DeviceIdChangedListener deviceIdChangedListener) {
        this.listeners.add(deviceIdChangedListener);
        this.logger.f();
    }

    public /* synthetic */ void b(AuthState authState) {
        this.logger.p(authState.getDeviceId());
    }

    public /* synthetic */ void c(AuthState authState, TraceContext traceContext, Throwable th) {
        this.logger.d(authState.getDeviceId(), th, traceContext);
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    public void clear() {
        final TraceContext createNewTraceContext = TelemetryUtils.createNewTraceContext(AuthTelemetryUtils.UNKNOWN_AUTH, AuthTelemetryUtils.AUTH_MANAGER_CLEAR_TRIGGER);
        this.logger.a();
        final AuthState authState = this.authStorage.getAuthState();
        Executor executor = this.authExecutor;
        final IAuthStorage iAuthStorage = this.authStorage;
        Objects.requireNonNull(iAuthStorage);
        executor.execute(new Runnable() { // from class: e.b.c.a.i3.a.a.p
            @Override // java.lang.Runnable
            public final void run() {
                IAuthStorage.this.clear();
            }
        });
        Iterator it = new HashSet(this.pendingOperations).iterator();
        while (it.hasNext()) {
            AsyncOperation asyncOperation = (AsyncOperation) it.next();
            if (!asyncOperation.isDone() && !asyncOperation.isCancelled()) {
                asyncOperation.cancel(true);
            }
        }
        this.pendingOperations.clear();
        if (authState != null) {
            this.cryptoManager.removeKeyPair(authState.getDeviceId(), createNewTraceContext).subscribe(new Action() { // from class: e.b.c.a.i3.a.a.j
                @Override // io.reactivex.functions.Action
                public final void run() {
                    AuthManager.this.b(authState);
                }
            }, new Consumer() { // from class: e.b.c.a.i3.a.a.b
                @Override // io.reactivex.functions.Consumer
                public final void accept(Object obj) {
                    AuthManager.this.c(authState, createNewTraceContext, (Throwable) obj);
                }
            });
            notifyListenersOfRemovedDeviceId(authState.getDeviceId(), createNewTraceContext);
        }
    }

    public /* synthetic */ void d(AuthState authState, TraceContext traceContext) {
        rotateKeysIfNecessary(authState.getDeviceId(), traceContext);
    }

    public /* synthetic */ String e(final TraceContext traceContext, String str, String str2, boolean z) {
        final AuthState h = h(traceContext);
        if (str != null && !Objects.equals(str, h.getDeviceId())) {
            IllegalArgumentException illegalArgumentException = new IllegalArgumentException("DeviceId does not match established identity");
            this.logger.h(illegalArgumentException, traceContext);
            throw illegalArgumentException;
        }
        String lowerCase = str2 != null ? str2.toLowerCase() : DEFAULT_SCOPE;
        AccessToken accessToken = h.a().get(lowerCase);
        this.authExecutor.execute(new Runnable() { // from class: e.b.c.a.i3.a.a.k
            @Override // java.lang.Runnable
            public final void run() {
                AuthManager.this.d(h, traceContext);
            }
        });
        if (accessToken == null) {
            this.logger.o(z, lowerCase);
            return refreshAccessToken(h, AuthManagerTelemetry.RefreshType.NEW_TOKEN, lowerCase, traceContext).getToken();
        }
        if (z) {
            this.logger.o(true, lowerCase);
            return refreshAccessToken(h, AuthManagerTelemetry.RefreshType.FORCE_REFRESH, lowerCase, traceContext).getToken();
        }
        if (!isAccessTokenExpired(accessToken)) {
            return accessToken.getToken();
        }
        this.logger.o(false, lowerCase);
        return refreshAccessToken(h, AuthManagerTelemetry.RefreshType.EXPIRED, lowerCase, traceContext).getToken();
    }

    public /* synthetic */ String f(TraceContext traceContext) {
        return h(traceContext).getDeviceId();
    }

    public /* synthetic */ ITrustManager g(String str) {
        if (this.trustManager == null) {
            this.trustManager = this.trustManagerFactory.getForDeviceId(str);
        }
        return this.trustManager;
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    @NonNull
    public AsyncOperation<String> getAccessToken(boolean z, @Nullable String str, @NonNull TraceContext traceContext) {
        return getAccessToken(z, str, null, traceContext);
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    @NonNull
    public AsyncOperation<String> getAccessToken(final boolean z, @Nullable final String str, @Nullable final String str2, @NonNull final TraceContext traceContext) {
        return processPendingOperation(AsyncOperation.supplyAsync(new AsyncOperation.Supplier() { // from class: e.b.c.a.i3.a.a.e
            @Override // com.microsoft.connecteddevices.AsyncOperation.Supplier
            public final Object get() {
                return AuthManager.this.e(traceContext, str2, str, z);
            }
        }, this.authExecutor));
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    @NonNull
    public AsyncOperation<String> getDeviceId(@NonNull final TraceContext traceContext) {
        return processPendingOperation(AsyncOperation.supplyAsync(new AsyncOperation.Supplier() { // from class: e.b.c.a.i3.a.a.g
            @Override // com.microsoft.connecteddevices.AsyncOperation.Supplier
            public final Object get() {
                return AuthManager.this.f(traceContext);
            }
        }, this.authExecutor));
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    @NonNull
    public AsyncOperation<ITrustManager> getTrustManager(@NonNull TraceContext traceContext) {
        return getDeviceId(traceContext).thenApplyAsync(new AsyncOperation.ResultFunction() { // from class: e.b.c.a.i3.a.a.h
            @Override // com.microsoft.connecteddevices.AsyncOperation.ResultFunction
            public final Object apply(Object obj) {
                return AuthManager.this.g((String) obj);
            }
        }, this.authExecutor);
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    public boolean hasActiveIdentity() {
        if (this.authStorage.getAuthState() == null) {
            return false;
        }
        return !isDeviceIdExpired(r0);
    }

    public /* synthetic */ void i(String str, TraceContext traceContext) {
        this.trustManager.deviceIdProvisioned(str, traceContext);
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    @NonNull
    public AsyncOperation<Void> init() {
        return init(TelemetryUtils.createNewTraceContext(AuthTelemetryUtils.UNKNOWN_AUTH, AuthTelemetryUtils.AUTH_MANAGER_INIT_TRIGGER));
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    @NonNull
    public AsyncOperation<Void> init(@NonNull final TraceContext traceContext) {
        return processPendingOperation(AsyncOperation.runAsync(new Runnable() { // from class: e.b.c.a.i3.a.a.d
            @Override // java.lang.Runnable
            public final void run() {
                AuthManager.this.h(traceContext);
            }
        }, this.authExecutor));
    }

    public /* synthetic */ void j(AsyncOperation asyncOperation, Object obj, Throwable th) {
        this.pendingOperations.remove(asyncOperation);
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    public void removeDeviceIdChangedListener(@NonNull IAuthManager.DeviceIdChangedListener deviceIdChangedListener) {
        this.listeners.remove(deviceIdChangedListener);
        this.logger.g();
    }
}
